Extracted

• • Target

    update.js

  • Size

    14.0MB

  • MD5

    f5939cb008c6b2f0b14ada53776fe570

  • SHA1

    1f536bd1399548d04aa0b4b6a74d5a8c12e3c643

  • SHA256

    a6125ebaa40f9c6eb9fe9b753c9f066e43713cab31c464d1601f7a2abdbe7c02

  • SHA512

    a5ccbc4ef7cd0f5a5ce34852fc4596573d1445a5563facb767d155371203916fd29d5ba2ab56507fed52e0c6979083a905f5cd9f8f579b5e709d7ae2f428ed61

  • SSDEEP

    49152:87V7zjCxbzqHlp4LhyN0kghDzLZzjYzYsmCW+8z2V35//9SGGqHm3quVIKXgxcER:m

  Score

  10^/10

  netsupportpersistencerat

  • NetSupport

    NetSupport is a remote access tool sold as a legitimate system administration software.

    ratnetsupport

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2